LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-12-2009, 02:05 AM   #1
rhlnewbie
Member
 
Registered: Jan 2007
Posts: 39

Rep: Reputation: 15

I am configuring a stand alone email server. I want to protect it with snort inline can it be done with everything on the one server? circumstances at this time does not allow me to have more servers at this time. please help me.
rhlnewbie
p.s. I'm using Ubuntu 9.04 now

sorry should have deleted this post when I reposted to linux security. my mistake.
miles sakaguchi

Last edited by unSpawn; 06-13-2009 at 01:24 PM. Reason: //moderator: merge to retain 0-reply status
 
Old 06-13-2009, 01:56 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Are there any particular requirements that force you to use inline?
 
Old 06-13-2009, 07:54 PM   #3
rhlnewbie
Member
 
Registered: Jan 2007
Posts: 39

Original Poster
Rep: Reputation: 15
mmmmm

iIthought inline was for IPS at least thats how I read my research on snort.

miles
p.s. my mistake that this is a duplicate post from linux-software. sorry I didn't know how to delete that post.

Last edited by rhlnewbie; 06-13-2009 at 11:16 PM.
 
Old 06-14-2009, 05:31 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Sure but using inline requires a machine in bridge or router mode. In router mode you make all traffic go through an iptables QUEUE target. If neither bridge or router mode is feasible and you can't add another machine then the only thing I can think of is trying to use virtualization, have the VM guest be other end of the bridge and host the services (or maybe the other way around: have a VM guest with two network cards play snort-inline). I don't know if that will work, be secure or performant enough and I can't judge if the overhead of running a complete OS for it is ludicrous to start with.
* If you don't need Snort in inline mode then maybe adding some third party app to trigger blocking traffic by managing iptables rules (anything newer than Guardian?) could do?

Last edited by unSpawn; 06-14-2009 at 05:43 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
snort inline rhlnewbie Linux - Software 1 06-12-2009 03:57 PM
Snort Inline priyadarshan Linux - Software 3 05-27-2009 05:03 AM
Snort Inline priyadarshan Linux - Security 4 04-08-2009 09:25 AM
Snort Inline priyadarshan Linux - Software 1 04-08-2009 09:23 AM
Snort inline enyawix Linux - Networking 0 09-24-2004 03:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:02 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration